CVE-2017-7529

high

Description

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.

References

Advisories
More

https://support.apple.com/kb/HT212818

https://puppet.com/security/cve/cve-2017-7529

https://access.redhat.com/errata/RHSA-2017:2538

http://www.securitytracker.com/id/1039238

http://www.securityfocus.com/bid/99534

http://seclists.org/fulldisclosure/2021/Sep/36

http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

Details

Source: Mitre, NVD

Published: 2017-07-13

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.91909

Detections

Analytics